
This is why we can’t have nice things. Spammers exist, and so we have to do stuff to make sure that our email is trusted by receiving systems.
Technologists being who they are, none of this is easy, or comprehensibly named, but here we go. If you’ve got an email address from a big provider, like one that ends in icloud.com, or gmail.com, me.com, or mac.com, yahoo.com, outlook.com, or hotmail.com, etc, you don’t have to worry; big companies take care of this stuff for you.
But if you bring your own domain — like, say, ivanexpert.com — and host it at a mail host like Google Workspace or Microsoft 365 or FastMail, you are usually in charge of the tech details. You need to, at your DNS host (usually your registrar, or web host, or sometimes your mail host, or, occastionally, a service unto itself, like CloudFlare), correctly set up SPF, DKIM, and DMARC.
I’m not going to even both explaining what these things are, except to say that a) they’re part of how your domain is configured in its zone records at your DNS host, and b) receiving systems may not trust your mail if they are set up incorrectly, or not at all, and may flag it as spam, or reject it entirely. If you have your own domain, you want to make sure this is all set up correctly.
A good tool for checking out whether these things are set up is at MXToolbox.com. You type in your domain, and then choose from its menu what you’re trying to test.
Another way to know that your outgoing messages are being received correctly are to send them to a Gmail or Google-hosted address (which can be your own). Open a message in Gmail and click the three dots, and choose “Show Original.” If you have SPF, DKIM, and DMARC set up, those things will be shown in the header section, beneath the subject, hopefully with the word “PASS” to the right of them. If you want to see what this looks like send to a Gmail address from another Gmail address or a Yahoo address or an Apple address, anything that’s not a custom domain. You’ll see all three.
I’m not gonna get real deep into the weeds here for setting things up — it’s the kind of thing you call a pro for help with. But, here’s a quick overview, for the daring:
SPF: This is a specially formatted TXT record that is specified by your mail host. Here are some common SPF record settings. Needless to say, don’t muck with this stuff if you don’t know what you’re doing.
Microsoft 365: host: @, text: v=spf1 include:spf.protection.outlook.com -all
Google Workspace (formerly G Suite): host: @, text: v=spf1 include:_spf.google.com ~all
Intermedia: host: @, text: v=spf1 include:spf.intermedia.net ~all
FastMail: host: @, text: v=spf1 include:spf.messagingengine.com ?all
DKIM: This is messier, except at Microsoft 365, where it’s pretty easy. You have have your mail host generate a “key” (which is a mishmash of letters and numbers), and you have to to put that key in as a TXT record at your DNS host (and some older DNS hosts can’t handle the length of the key, which means you need a better DNS host like CloudFlare). Once that’s in, you tell your mail host to start “signing” with the key. If you don’t know how to make your mail host generate a DKIM key, call and ask. (Or we can help, of course.) On Microsoft 365, it’s different: you instead create two CNAME records that look like:
host: selector1._domainkey, target: selector1-yourdomaingoeshere-com._domainkey.yourMS365internalDomainNameGoesHere.onmicrosoft.com
The second record is exactly the same, except you put “selector2” in the place of “selector1”.
DMARC: I gotta be candid with you, I still don’t fully understand how DMARC aids in trusting mail, but I know it’s what all the big players want. So. To set up DMARC, first you need SPF and DKIM working. Once you’ve verified that, you create a TXT record like so:
host: _dmarc, text: v=DMARC1; p=none;
This record can be much more complex; what’s shown here is the bare minimum of what you need (and, well, what we use here at IvanExpert world international headquarters, in our everlasting quest to make things no more complicated than needed, both for you and us).
I hope, in this post, if you’re technically disposed, you’ve got enough clues as to how to set these up for yourself for the big mail providers. And, if any of this made your head spin, you’ll ask your host, or ask a consultant (you know, like us) to help you get it all set up and working so that your mail all gets to its intended place.
Image by JeepersMedia, courtesy Flickr Creative Commons